WordPress 3.4 update fixes security vulnerabilities

The WordPress developers have released an update to their open source publishing platform that closes important security holes. Version 3.4.2 of WordPress addresses two privilege escalation vulnerabilities that could potentially be exploited by a malicious user to bypass certain security restrictions. WordPress is often a target for attackers, and ensuring it is secure protects not only the published content but also the readers of that content.

The vulnerabilities are said to be in the Atom Publishing Protocol endpoint and in code related to multi-site installations. New hardening measures such as simplified error messages when an upload fails have also been incorporated. Issues unrelated to security that have been fixed include pagination problems, a bug that caused themes to not preview correctly, issues with the visual editor when working with captions, and problems in the admin area that could result in lag and freezing when run under older browsers such as Internet Explorer 7.

The developers have also updated their WordPress for iOS mobile app to version 3.1.3. The update adds a settings form for editing and testing credentials for the WordPress enhancement package Jetpack, corrects problems when trying to reset passwords within the app, and fixes various crashing bugs.